Looking back on some of this year’s top-rated sessions at RSAC™ Conference 2025, it is clear that there were some recurring themes that resonated with audiences. One of the most prominent of these themes was the ever-expanding and ever-evolving role of the Chief Information Security Officer (CISO). Speakers this year touched upon ideas such as the increasing specialization of CISOs, the CISO’s growing importance in the everyday aspects of organizations, and strategies for newly appointed CISOs to hit the ground running and make an immediate impact. While each of these speakers approached the role from a slightly different angle, it is clear from all of them that CISOs will continue to function as an increasingly integral aspect of every organization that employs technology.
Todd Fitzgerald, author of works including “CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers” and founder of the CISO Stories podcast, shared his perspective on the evolution of the CISO position over the past thirty years in his presentation “Reporting Lines Matter: The 2025 CISO’s Place in the Org Chart.” The role, as Fitzgerald sees it, has evolved six separate times, from the initial CISOs, who were simply tasked with securing logons and passwords, to today’s role, which he referred to as “The Integrated Business Resilient CISO.” With each iteration, the responsibilities of CISOs have expanded significantly in response to the increasingly complex ways technology has become entrenched in every aspect of day-to-day business. Fitzgerald urges CISOs and their organizations to examine their reporting structures and determine whether their current practices are optimized or whether there is a more beneficial system. He also stressed the importance of listening to all stakeholders, explaining, “cybersecurity tone at the top can only be supportive if you are listening to the tone at the bottom.”
In their presentation “CISOs: Elevate Strategic Impact and Unlock New Career Paths,” Nick Kakolowski and Steve Martano, researchers at IANS, examined the current state of CISOs, the skill sets needed to succeed in the present and future landscapes, and the ways that CISOs can leverage their increasing roles into more prominent and influential positions within an organization. Kakolowski and Martano surveyed over 850 CISOs and 550 staff members, not only to determine the current compensation for the position but also to define the responsibilities of CISOs across a broad range of organizations. They found that CISOs are increasingly taking on responsibilities similar to those of C-Suite executives, making it necessary for CISOs to hone their soft skills and connect their technical skills to the bigger picture: “This will help enable you to advance your career and it’ll help the organization think of you not just as the tech leader, the security leader, but really the business leader, and the business risk leader.” By embracing these opportunities, CISOs can become more integral to the overall direction of the business.
For those transitioning into a new CISO role, Russell Eubanks, Principal Instructor at the SANS Institute and Managing Partner at Cyverity, spoke about the immediate impact that can be made during the first ninety days in his presentation “How to Win Your First 90 Days as a New CISO.” Reflecting upon his own experiences, he developed useful steps such as doing extensive research before stepping through the door and taking pains to learn as much as possible when actually starting in the role. One of his most important pieces of advice is to become “the new guy,” who is, “in the position of being the teacher, not the student, the novice, not the expert.” Doing so allows for greater opportunities for learning and exploration. Among other recommendations, Eubanks stressed developing strong relationships and immersing oneself in the culture before attempting to effect any real changes. He also explained the importance of building upon the first 90 days by being a continuous learner who reflects not only upon successes but upon failures as well.
With the constant evolution and expansion of CISO responsibilities, it can be difficult to understand what the position entails and how to fulfill the role successfully. In some of the top-rated sessions at RSAC 2025, Todd Fitzgerald, Nick Kakolowski, Steve Martano, and Russell Eubanks gave their perspectives on the current CISO landscape and how to thrive and expand the role even further. To watch all of these presentations in their entirety and catch up with all of this year’s best sessions, visit the all-new RSAC Membership Portal. The portal contains additional content from industry-leading experts, opportunities to network and communicate with cybersecurity peers, and up-to-date information on the latest news and emerging trends, as well as a new Artificial Intelligence (AI) assistant that can summarize and organize presentations into easily referenced pieces.